MANAGEMENT TOOL AND GRAPHICAL INTERFACE FOR CONTROL OF
AN OPEN INTERNET PROTOCOL SERVICES PLATFORM 

BACKGROUND 

The Field Of The Invention: This invention relates
generally to the management of open Internet Protocol
(IP) tools and services. Specifically, the present
invention is management software having a graphical
interface that facilitates management of a new type of
Open IP Services Platform that provides network
services that are typically performed by discrete
components.

Background of the Invention: Access to the Internet or
other global information networks is generally
becoming a commodity as Service Providers (SPs) and
Local Exchange Carriers (LECs) look to new value-added
applications and services in order to retain
customers, attract new business clients, and generate
revenue. Enterprises face a limited supply of
certified network administrators, increased demand for
high-bandwidth network services, and the need to
reduce the total cost of ownership while preserving
existing infrastructure investments.

Unfortunately, existing solutions for SPs and
LECs fall short in a number of important areas. For
example, most customer-premise equipment (CPE) is not
Telco quality, thus resulting in inconsistent,
unreliable service and problematic service agreements.
Next, integration between network devices from a
variety of vendors is difficult at best. Furthermore,
a lack of extensibility and flexibility makes CPE
difficult to scale. New application services can
require a large upgrade, or at least a visit to the
customer to modify or replace equipment. There are
almost always new costs associated with every new
piece of Internet Protocol (IP) functionality, as well
as additional management issues. Finally, each piece
of equipment requires a separate management interface,
preventing network-wide visibility.

The issues above all combine to prevent delivery
of revenue-generating, differentiated IP services to
an increasingly demanding customer base.

Current network designs typically require a
discrete piece of equipment for each network function
to be performed. For example, an Enterprise will
typically include network devices that interface with
desktop computers and servers, and connect them to the
Internet or other network. The network devices
include servers, switches, routers, bridges,
firewalls, load balancers, packet shapers, etc.
Managing this wide conglomeration of network devices
requires a significant amount of time and
vendor-specific expertise.

As network requirements expand and change, the
need for specialized network services also changes.
For example, repositioning a single network device
within a network architecture disadvantageously
necessitates both network downtime and a physical
presence to make the changes. It is useful to examine
a typical network configuration for an Enterprise to
better understand the problem.

Figure 1 is an illustration of a typical network
topology 10 of the prior art. The interface between
desktops 12 and servers 14 to a network, such as the
Internet 16, typically includes network devices or
components such as a router 18, a firewall 20, a
packet shaper 22, and at least one switch, although
two switches 24, 26 are shown in this figure. Another
server 28 might also be part of this interface, when
the server is providing network services such as an
SQL server, DNS server, Web server, etc.

Each of the discrete components listed above is
disposed within its own "box." Each box occupies a
certain amount of space, or footprint. Each box must
also have its own power supply. Finally, each box
will have a unique interface that typically requires
substantial knowledge of the device in order to
operate.

It would be an advantage over the state of the
art to provide network administrators with a
management tool that enables graphical control over
all of the components that are installed within the
Open IP Services Platform in order to provide a
consolidated, flexible, scalable, and less complex
management solution that can be customized according
to a customer's needs. Such management software and
graphical interface should enable network components,
both the hardware and the software, to be included
from any vendor. It would also be an advantage to
decrease the level of complexity of the solution such
that management software can be operated by a person
with limited computer network and vendor-specific
knowledge.

In order to assist the network administrator, it
would also be an advantage to provide a plurality of
pre-configured or "canned" graphical
network configurations. Thus, for relatively simple
network configurations, the administrator would not
even have to design the network topology, as long as
the available network components matched the
pre-configured network configuration.

It would also be an advantage over the prior art
to provide a solution where the network configuration
can be modified on the fly using the new management
tool and graphical interface. The management tool
should also be capable of enabling control of the
system, if desired, down to single network port
control, or sophisticated enough to manage all of the
network ports as determined by network conditions.

It would also be an advantage to provide a 
plurality of these systems such that they can be 
coupled together in a large network, be it the 
Internet, or a more localized WAN or LAN topology. 

The system should also enable spare processing
capability to be made available for other
applications, without degradation of the network
functions being performed.

It would also be an advantage to provide third
parties with the ability to have greater control of
how their plug-in hardware or software operates with
the invention by enabling programming of ActiveX
modules that enable components to be dragged and
dropped in the new management tool and graphical
interface.

Summary of Invention: It is an object of the present
invention to provide a system that utilizes a new
management tool having a graphical interface for
organizing and controlling Open IP Services Platforms
disposed in a network.

It is another object to provide the system
wherein the management tool provides the ability to
drag and drop icons representing network components
into any desired configuration, wherein the network
components include a router, bridge, load balancer,
firewall, packet shaper, switch, server, or any other
network devices.

It is another object to provide the system
wherein the interconnections between the network
components are modified through the management tool.

It is another object to provide the system
wherein the interconnections made by the management
tool between network components can be modified
without taking the network down to make the changes.

The present invention is embodied in a system
comprising a management tool having a graphical
interface for controlling Open IP Services Platforms,
wherein the platforms provide any combination of
functions of common network devices such as routers,
bridges, firewalls, packet shapers, switches, load
balancers, and servers in a single device, wherein the
network devices are interconnected to function as a
network through the management tool that enables
drag-and-drop configuration of the network devices, and
wherein configuration of the network is performed
through changes in software and not physical
rearrangement.

These and other objects, features, advantages and
alternative aspects of the present invention will
become apparent to those skilled in the art from a
consideration of the following detailed description
taken in combination with the accompanying drawings.



Description of the drawings:

Figure 1 is a block diagram of a typical network
topology of the prior art.

Figure 2 is a block diagram that is made in
accordance with the principles of the presently
preferred embodiment.

Figure 3 is a block diagram that explains how the
Open IP Services Platform 30 incorporates a Level 4
switch router at the bottom level, and a general
purpose central processing unit (CPU) 34 at the top
level.

Figure 4 is a block diagram that is provided to
give greater detail to the configuration of the Open
IP Services Platform.

Figure 5 is an example of the COREVISTA WEB(TM) 
main page. 

Figure 6 is an example of the Open IP Services
Platform's hardware ports.

Figure 7 is an example of the selected ports 
configuration page. 

Figure 8 is an example of users and the application
module which each user can access.

Figure 9 is an example of the configuration 
management page. 

Figure 10 is an example of a port-based 
statistics page. 
Figure 11 is an example of a port-based
statistics graph.

Figure 12 is an example of a protocol statistics
page.

Figure 13 is an example of a protocol statistics
graph.

Figure 14 is an example of an APACHE(TM)
management page.

Figure 15 is an example of a Virtual Hosts Page.

Figure 16 is an example of a Bandwidth Management
page.

Figure 17 is an example of a DHCP network 
parameters page. 

Figure 18 is an example of a DNS management page. 

Figure 19 is an example of a Firewall Management
page.

Figure 20 is an example of a Network Address 
Translation (NAT) Interface page. 

Figure 26 is [...] Interface page.

[...] VLAN Management [...]

[...] VPN Client Configuration page.

Figure 29 is an example [...] FTP page.

Figure 30 is an example of the SSH page.

[...] an example [...] the SWAT page.

[...] example of the WEBMIN(TM) page.

Figure 33 is an example of a COREVISTA(TM)
configuration page.



Detailed Description: Reference will now be made to
the drawings in which the various elements of the
present invention will be given numerical designations
and in which the invention will be discussed so as to
enable one skilled in the art to make and use the
invention. It is to be understood that the following
description is only exemplary of the principles of the
present invention, and should not be viewed as
narrowing the claims which follow.

The present invention is a unique software
management tool that enables a network administrator
to design, configure, and control a network utilizing
drag-and-drop icons that represent the network
components that are provided in Open IP Services
Platforms. The management tool is provided by
EmergeCore Networks, and will be referred to
hereinafter as COREVISTA WEB(TM).

COREVISTA WEB(TM) is an important element of an
overall system that includes the Open IP Services
Platforms as described in the patent application cited
at the beginning of this document. COREVISTA WEB(TM)
is the software tool that manages the Open IP Services
Platforms. The Open IP Services Platforms are capable
of functions that are found in no other device. To
understand the benefits of COREVISTA WEB(TM), it is
useful to discuss some of the advantages of this Open
IP Services Platform.

Typical network components include but are not
limited to routers, bridges, firewalls, packet
shapers, switches, load balancers, and servers. These
devices can all be found on a first side of the
router, wherein on the second side, the router
functions as a gateway to networks such as LAN
segments, WANs, and the Internet or other global
information networks. The specific topology of these
networks on the first side of the router can vary
significantly depending upon the needs and functions
of the local network segment. Thus, several of the
problems that the present invention overcomes include
1) the total number of physical devices that may be
required for a network, 2) the number of wires that
must be installed between the devices, 3) the time
required to configure the devices, 4) the level of
knowledge of the person that is installing the
devices, 5) an understanding and memory of the
specific topology that has been set up, and 6) the
ability to reconfigure a network topology on-the-fly.

The presently preferred embodiment of the
invention is able to overcome these problems for
several reasons. First, all of the network devices
can be physically disposed within a single unit, or
Open IP Services Platform. Obviously, there are many
obstacles that must be overcome to do this. For
example, the Open IP Services Platform of the present
invention is constructed to accept network components
from third parties. In other words, it is not a
feature of the present invention to provide these
network components, rather it is an aspect of the
invention to provide a device that can house them in
the Open IP Services Platform. Not only can these
network components be disposed within the Open IP
Services Platform, but more than one type of network
component can be housed together. Essentially, all of
the network components listed previously can be housed
within a single unit of the Open IP Services Platform.

WO 02/069175 PCT/US02/06000

In order to dispose these network components
together so that they function, several novel elements
of the present invention had to be developed. A first
aspect was a system for configuring the
interconnections between the network components in the
Open IP Services Platform. Consider multiple switches
and a packet shaper disposed within the Open IP
Services Platform. The packet shaper must be coupled
to specific ports of the multiple switches. It is a
novel aspect of the invention to provide the software
management tool COREVISTA WEB(TM) that provides
configuration control by physically interconnecting
network devices that are stored within the Open IP
Services Platform. Control is provided at what can be
considered to be two levels. The first level of
control enables the user to make specific port
assignments if the system administrator is
experienced, while the second level of control takes
specific port assignments out of the hands of the
administrator, and allows the specific configuration
of ports to be left to the configuration software
(COREVISTA WEB(TM)) if the system administrator has
only a limited understanding of network topology, or
does not desire to control the network at such a
detailed level.

It should be mentioned that COREVISTA WEB(TM) is
simple enough to operate that a network specialist
does not have to be brought in to set up the Open IP
Services Platform. This aspect of the invention is
made possible because the interface provides
drag-and-drop configuration, as well as pre-configured
network topologies or "loads."

With this brief introduction, an example of an
Open IP Services Platform is shown in Figure 2.
Figure 2 illustrates that all of the network services
provided by individual network components 18, 20, 22,
24, 26, 28 have been replaced by a single Open IP
Services Platform 30. It should be remembered that
any or all of the functions of the network devices
described above can be replaced as desired.

Figure 3 is a block diagram of the presently
preferred embodiment of the present invention. This
figure is provided to illustrate that the Open IP
Services Platform 30 incorporates a Level 4 switch
router 32 at the bottom level, and a general purpose
central processing unit (CPU) 34 at the top level. It
should be mentioned that while a general purpose CPU
is preferred, any type of specialty CPU can be
substituted. The reason for preferring a general
purpose CPU is that it is going to be more flexible.
In other words, the Open IP Services Platform 30 can
do more than just function as a unit for consolidating
network functions if it is given more processing power
and ability to run more programs. The drawback is
that a specialty CPU can be faster. However, given
the fact that general purpose CPUs have increased in
operation capabilities so rapidly, it is unlikely that
the CPU would be a bottleneck to performance for most
situations where the Open IP Services Platform is
deployed.

The switch router 32 communicates with the CPU 34
via an internal Peripheral Component Interconnect
(PCI) bus 36. Presently, that translates into a
communication conduit of 240 Mbps between those
components 34, 36. However, the switch router 32 is
communicating at wire speed with network components in
levels 2-4.

It is noted that it would take an OC-3 connection
to the Internet for the input to the Open IP Services
Platform 30 to exceed the processing throughput
capabilities of the CPU used in the preferred
embodiment. The OC-3 type of connection is uncommon
to most businesses, and thus the present invention is
going to handle almost all connection scenarios
without becoming a bottleneck. It is envisioned,
however, that this bottleneck will also be overcome.

Figure 4 is a block diagram that is provided to
give greater detail to the configuration of the Open
IP Services Platform 30. The CPU 34 is preferably a
single board computer (SBC) operating with an
INTEL(TM) chipset. The preferred microprocessor for
the SBC 34 is an INTEL(TM) PENTIUM(TM) III. The SBC
34 communicates with memory in the form of SDRAM DIMMs
38, and possibly an array of hard drives/flash drives
40. The hard drives/flash drives 40 are optional,
depending upon the needs of the network or of the
network components being incorporated into the Open IP
Services Platform 30, as will be explained.

The switch router 32 is shown coupled to the SBC
34 via the PCI bus 36. The switch router 32 has also
been labeled as a network accelerator to more fully
describe its function. The switch router 32 is shown
as providing the port connections to external networks
via the Gigabit Ethernet Fiber (GBIC) Ports 42, 10/100
Mbps Ethernet (Base T) Ports 44, PCMCIA Expansion
Ports 46, and additional PCI Expansion Slots 48.

The PCI Expansion Slots 48 are designed to
receive the hardware of the network function being
installed. In other words, a third party network
function card is installed in one of the PCI Expansion
Slots 48, enabling the Open IP Services Platform 30 to
function as a load balancer, a firewall, etc.

It is also noted that optional cards 50 can also
be installed into the PCI Expansion Slots 48. These
optional cards can include such functions as OC-3, DSL
modem, T1/E1 termination, and SCSI RAID. Thus it is
seen that the Open IP Services Platform 30 is not
fixed in its configuration or its function.

Another advantage of utilizing an open
architecture OS is that some users will want to drop
their own software into the Open IP Services Platform
30. Unfortunately, this flexibility also enables
users to write code that can potentially interfere
with the other functions in the Open IP Services
Platform 30. Advantageously, the complete OS provides
memory management that prevents third party software
from jeopardizing the operation of any other network
functions taking place.

The Open IP Services Platform 30 is also operated
by a multi-tasking operating system. In the presently
preferred embodiment, a stable and secure OS is
desired. The Open IP Services Platform 30 is
currently operated using FreeBSD or Linux. It is also
important to understand that the OS operating within
the Open IP Services Platform 30 is not what is
typically referred to as an embedded OS. An embedded
OS is often a smaller and less capable version of the
complete OS. The present invention utilizes the
complete OS so that all capabilities of the OS are
available. These capabilities include the
all-important security features.

The Operating System 52 executes third party
applications 54, with the global rules 56 including
management, statistics, and Quality of Service flow
rules, and network services rules 58. Network service
rules 58 include restrictive flow control, security, a
DNS server, file services, bandwidth metering, a DHCP
server, a firewall, and external service packs.

The Operating System 52 communicates with the
interface 60 of the SBC 34. This communication is
controlled via policy interface 62. Virtual
interconnects 64 handle the translation within the SBC
34 of mapping virtual NIC instantiations 66 to
physical port instantiations 66.

Presently, COREVISTA WEB(TM) is utilized to
control two different Open IP Services Platform
configurations, the REACTOR 3000(TM) and the REACTOR
5000(TM). There are several common features in these
products including: two Gigabit GBIC Ports 42, twenty
four 10/100 (Base T) Ports 44, a single 733 MHz
PENTIUM(TM) III CPU 34 that is upgradable, 32 MB of
RAM and 32 MB of Flash RAM 38, both upgradable, two
USB ports, one serial port that is optional, and two
PC card slots 46, type 2. The devices are different
in that there are two PCI bus slots, and an optional
hard drive on the REACTOR 3000(TM). In contrast, the
REACTOR 5000(TM) includes four PCI bus slots, and
comes with two RAID bays for up to 6 hard drives, and
a redundant power supply. Both systems are
configurable via local PC, serial port, modem, or via
a network connection. More control is possible,
however, using a configuration program that operates
in the WINDOWS(TM) environment.

It is observed that presently both systems run
FreeBSD 4.2 and Linux Kernel 2.2.17 (RedHat 6.2 or
7.0, Mandrake 6.2) Operating Systems. However, a PC
running any Operating System can communicate with them
via Telnet or a command line interface. But the
software configuration tool, COREVISTA WEB(TM), is
currently a WINDOWS(TM) application.

When considering how the present invention is
different from the state of the art, the present
invention hooks the networking functions into a server
to make network functions more seamless. In other
words, instead of just operating as a Network
Interface Card (NIC) tied into a switch or router, the
present invention provides full control over the
switch and router functions. This approach is
different from the state of the art because no one has
previously tried to provide this type of interface
that enables a third party to load their own
components into a box providing some type of network
function. In fact, this approach is antithetical to
the business model of any other network function
provider. For it is the desire of suppliers of
network functions that the user not try to add
hardware or software components of a third party into
their own box. Obviously, this type of approach
severely limits trying to build a "best of class"
network if a user can only install certain brands of
products when interoperability is a must.

Thus, the present invention performs the unique
function of being an integrator of network products
that have previously required separate boxes or
isolated operation in order to function.
Advantageously, the present invention does not have to
try and provide any of the network functions
themselves, but instead provides a box that enables
network cards performing all manner of functions to be
disposed therein, while providing the hardware and
software to make interconnections between the
different network cards. Thus, even though the
present invention does provide switch/router
capabilities, even these functions can be replaced or
enhanced by the addition of a third party switch or
router card.

Another way to look at the invention is seen by
examining its use of virtual NICs. The virtual
NICs present a standard interface, like a normal
driver, up to the services and stacks above them in
the software, so the software believes it is
communicating with a normal driver when it is
not. A novel aspect of the invention is the ability to
dynamically remap a virtual NIC to other services
within the Open IP Services Platform. This means the
data does not have to be serialized/deserialized. This
also gives the present invention the ability to remap
to physical ports down through the bottom end of a
networking stack. Another advantage is the ability to
create rules based on a specific interface. Thus, the
use of virtual NICs provides the invention with the
ability to map processes to processes.

Another use of the virtual NICs has to do with
memory allocation. Typically, a pool of memory
resides with the driver. Memory is handed off to
other resources as needed. Memory, in this case a
buffer, is eventually released and given back to a
driver. An important aspect of the invention is to
share all of the buffers across all of the virtual
NICs.

For example, consider a packet of data received
by a router installed in the Open IP Services
Platform. The router would hand down a tag or pointer
for data stored in a buffer to a virtual NIC
interface, which would hand the tag to a firewall.
Thus, the data in a buffer is no longer being
transferred or copied from buffer to buffer as each
new process receives the data in the buffer, but
instead the data remains in the same buffer, and
control of the tag to the buffer is what is passed
from process to process. Thus, the Open IP Services
Platform becomes very fast and very efficient in its
handling of packets because the present invention
utilizes the virtual NICs or virtual interconnect that
handles buffer data management across the services,
rather than individually. Thus, buffer management is
done globally, but handled at a low level. Thus, the
allocation of memory in the buffer pool is known at
all times because buffer management is being handled
globally.
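
The tag hand-off described above, sketched in C as an added example (not code from this application or from EmergeCore): one global pool holds the packet, and services pass only a tag. The service ids, function names, pool sizes, and the generation counter that rejects stale tags are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POOL_BUFS  4
#define BUF_SIZE   128
#define OWNER_FREE (-1)

/* Hypothetical service ids; the text names the services, not ids. */
enum { SVC_ROUTER, SVC_FIREWALL, SVC_SHAPER };

/* The tag that travels between services instead of the packet bytes. */
typedef struct { uint16_t index, generation; } buf_tag;

typedef struct {
    uint8_t  data[BUF_SIZE];
    size_t   len;
    int      owner;       /* service holding the tag, or OWNER_FREE */
    uint16_t generation;  /* bumped on release so old tags go stale */
} pool_buf;

/* One pool shared by every virtual NIC, so usage is known globally. */
typedef struct { pool_buf bufs[POOL_BUFS]; int in_use; } buf_pool;

void pool_init(buf_pool *p) {
    memset(p, 0, sizeof *p);
    for (int i = 0; i < POOL_BUFS; i++) p->bufs[i].owner = OWNER_FREE;
}

/* A tag resolves only for the service that currently controls it. */
static pool_buf *pool_resolve(buf_pool *p, buf_tag t, int svc) {
    if (t.index >= POOL_BUFS) return NULL;
    pool_buf *b = &p->bufs[t.index];
    return (b->owner == svc && b->generation == t.generation) ? b : NULL;
}

/* The only copy: the arriving packet is written into a free buffer. */
int pool_receive(buf_pool *p, int svc, const void *pkt, size_t len,
                 buf_tag *out) {
    if (len > BUF_SIZE) return -1;
    for (int i = 0; i < POOL_BUFS; i++) {
        pool_buf *b = &p->bufs[i];
        if (b->owner != OWNER_FREE) continue;
        memcpy(b->data, pkt, len);
        b->len = len;
        b->owner = svc;
        p->in_use++;
        out->index = (uint16_t)i;
        out->generation = b->generation;
        return 0;
    }
    return -1;  /* pool exhausted */
}

/* Pass control of the tag; the data stays where it is. */
int pool_handoff(buf_pool *p, buf_tag t, int from, int to) {
    pool_buf *b = pool_resolve(p, t, from);
    if (!b) return -1;
    b->owner = to;
    return 0;
}

/* Read access for the current holder of the tag only. */
const uint8_t *pool_data(buf_pool *p, buf_tag t, int svc, size_t *len) {
    pool_buf *b = pool_resolve(p, t, svc);
    if (!b) return NULL;
    *len = b->len;
    return b->data;
}

/* Give the buffer back to the pool and invalidate outstanding tags. */
int pool_release(buf_pool *p, buf_tag t, int svc) {
    pool_buf *b = pool_resolve(p, t, svc);
    if (!b) return -1;
    b->owner = OWNER_FREE;
    b->generation++;
    p->in_use--;
    return 0;
}

/* Constructed walk-through: router receives, firewall inspects. */
int demo_handoff(void) {
    static const uint8_t pkt[] = "constructed sample packet";
    buf_pool pool; buf_tag tag, next; size_t len = 0;
    pool_init(&pool);
    if (pool_receive(&pool, SVC_ROUTER, pkt, sizeof pkt, &tag)) return 1;
    const uint8_t *seen = pool_data(&pool, tag, SVC_ROUTER, &len);
    if (pool_handoff(&pool, tag, SVC_ROUTER, SVC_FIREWALL)) return 2;
    if (pool_data(&pool, tag, SVC_ROUTER, &len)) return 3;  /* gave it up */
    if (pool_data(&pool, tag, SVC_FIREWALL, &len) != seen) return 4;
    if (pool_release(&pool, tag, SVC_FIREWALL)) return 5;
    /* The slot is reused by the same service; the old tag must not work. */
    if (pool_receive(&pool, SVC_FIREWALL, pkt, sizeof pkt, &next)) return 6;
    if (pool_data(&pool, tag, SVC_FIREWALL, &len)) return 7;
    return pool.in_use == 1 ? 0 : 8;
}

int main(void) { return demo_handoff(); }
```

The firewall reads the packet at the same address the router wrote it to, and a tag kept past its release no longer resolves even after the slot is reused.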

Another aspect of the invention to consider is
the combining of a server and switch. By doing so,
the server has full access to all the data because the
server has all of the protocols. Thus, the switch
becomes a full router, with the ability to process and
manipulate the data. Consider the advantage of being
able to serve data immediately to a port so that the
network itself does not become a bottleneck. For
example, a typical network infrastructure limits speed
of data to the 100 Mbit or 1 Gbit data pipes. But by
merging the server and the switch together, data now
moves at the speed of the bus in the server, which can
be much greater. Furthermore, providing multiple
system buses within the server provides the function
of scalability by using the Open IP Services Platform

One of the novel aspects of the invention is that
because the present invention is not trying to
duplicate the functions of a proprietary firewall,
call it Firewall A, there are no licensing fees to be
paid because Firewall A is purchased and put into the
Open IP Services Platform 30. The Open IP Services
Platform 30 thus provides all of the functionality of
Firewall A because it is the actual Firewall A.
Likewise, Load Balancer B is manufactured by a
different company, is purchased, and disposed within
the Open IP Services Platform 30 next to Firewall A.
Firewall A and Load Balancer B now provide all of
their functionality in a single box. All
interconnections between them are provided by the
present invention down to a port-by-port basis.

Another novel aspect of the invention is that it
prevents exclusivity of function. Suppose that the
manufacturer of Firewall A enters into an exclusive
contract such that it is no longer available for use
in the Open IP Services Platform 30. Advantageously,
Firewall A is removed and Firewall B is put in its
slot. After loading Firewall B's drivers, it is
likely that no other configuration of Firewall B will
be required. The firewall functions will operate as
before.

It is another aspect of the invention that most
network functions can be added into the Open IP
Services Platform 30 without modification. The only
requirement is that the driver for the network
function be provided for the OS that is running on the
Open IP Services Platform 30.

Another aspect of the invention is that the Open
IP Services Platform 30 can communicate at wire speed
with other Open IP Services Platforms. This is
advantageous when, for example, a particular function
is not being performed fast enough in one particular
unit. Just one function can be rerouted at wire speed
to another Open IP Services Platform 30.

Consider an Open IP Services Platform 30 that is
performing the functions of a server that is providing
FTP, web services, mail services, etc. It is possible
to assign any of the services to different servers
(Open IP Services Platforms 30), at wire speed, to
keep performance at a desired level. The present
invention can also reconfigure the Open IP Services
Platform 30 on the fly such that when certain
performance bottlenecks are being reached, the Open IP
Services Platform 30 will reassign functions as
previously defined by the administrator.

Another feature of the present invention is that
both configurations of the Open IP Services Platform
30 provide keyboard, mouse, and monitor ports. Thus,
the Open IP Services Platform 30 is a full-fledged
server that a developer can work on directly.

Another novel aspect of the invention that
increases versatility is the type of environments in
which the Open IP Services Platform 30 can operate.
Small businesses are often stashing network components
into closets or other tight spaces. This closed
environment typically runs hotter than a room with its
own thermostat. Accordingly, the Open IP Services
Platform 30 would normally run at a higher than
optimal temperature. Another aspect of the invention
is to provide a solid state refrigeration unit. This
aspect is especially important when considering the
commercial and industrial locations where the Open IP
Services Platform 30 will be used. This is also more
important for the REACTOR 5000(TM) model that includes
hard drives. Hard drives are especially vulnerable to
high operating temperatures. The refrigeration unit
can be disposed just on the hard drives themselves.

With these features in mind, it is useful to
consider the manner in which the present invention
utilizes them to achieve novel advantages, while
observing that the advantages are available to all of
the targeted core markets of SPs, LECs and
Enterprises. First, the invention provides a
consolidated equipment solution. Managing a wide
array of single-function, multi-vendor network devices
creates high installation and management costs. The
present invention consolidates the many functions
performed by the individual network devices. The
equipment consolidation can be partial or total, with
a single device replacing entire racks of physical
equipment. Consolidation of network functions solves
a critical long-term build-out problem in Enterprise
IT rooms, SP data centers, and in LEC central offices
where equipment proliferation often overwhelms
available power, air conditioning or physical space
limitations. Consolidated equipment means that there
are fewer interconnections, fewer cables, and fewer
moving parts to fail, resulting in increased uptime
and reduced ongoing support costs.

Consolidated network equipment greatly simplifies
installation and ongoing maintenance. The present
invention includes an elegant, intuitive, centralized
management tool, COREVISTA WEB(TM), that enables
installation in a very short time relative to
installation of multiple discrete network components.
Thus, the administrator can deploy units without
needing to complete multiple, vendor-specific,
certified training programs as will be explained. The
present invention even offers self-configuring
features on base units.

The flexible allocation of network resources is
made possible because COREVISTA WEB(TM) is used to
make all connections between network devices installed
in the present invention. Any single or combination
of virtual or physical ports can be instantly
reassigned new IP services on a port-by-port basis.
This enables the administrator to reconfigure IP
services as needs change, and without taking down any
part of the network. This aspect is especially
critical to large Enterprises, and almost any SP and
LEC.

One of the greatest advantages of the present
invention is the use of open IP standards.
Proprietary technologies are often initially
attractive because lower costs can be achieved for a
specific function. Disadvantageously, however,
proprietary technologies often limit selection of
complementary equipment, leaving the network function
isolated and unexpandable. Additionally, proprietary
equipment can preclude the use of certain IP services
completely, and can require an administrator to
provide specialized training for staff. Thus, hidden
costs add up and quickly surpass any initial savings.
The present invention delivers a truly open
architecture communications platform specifically
designed to enable rapid deployment of "best in class"
applications and value-added services for
mission-critical communications, while preserving existing
infrastructure. The present invention also enables
the administrator to offer any IP service through the
Enterprise, SP or LEC.

Configuring the Open IP Services Platform 30 can
be performed in various ways. To drag and drop icons
representing the network components requires that the
administrator access the Open IP Services Platform
using the COREVISTA WEB(TM) configuration and control
program. In contrast, access over the web using
COREVISTA WEB(TM) enables the administrator to
configure what is already loaded in the Open IP
Services Platform 30, but not to design the layout.
In other words, it enables the administrator to
configure what is already loaded, but not change the
layout.

When performing configuration over a network, it 
is noted that SSH is provided for a secure and 
encrypted configuration session. 

One useful feature is that the configuration can
be stored on and loaded from a PC card. Thus, if an
SP or LEC needs twenty identical Open IP Services
Platforms 30, only one has to be manually configured
using the COREVISTA WEB(TM) configuration program.
The configuration is then stored on a PC card that can
be duplicated. The administrator then only has to
insert the PC card into a non-configured Open IP
Services Platform 30, and load the configuration using
COREVISTA WEB(TM).

Both the REACTOR 3000(TM) and the REACTOR
5000(TM) Open IP Services Platforms include a host of
standard software applications right out of the box.
These software applications include an APACHE(TM) web
server, SQL(TM)-based database management, various
drivers and interface for the ports and other
hardware, DHCP, IPv4 router, network address
translation (NAT), a restrictive flow packet shaper,
SNMP, point to point protocol (PPP), a virtual private
network (VPN), a virtual LAN (VLAN), and SSH
tunneling. Some Open IP Services Platforms can also
include a SAMBA server, DNS, a POP mail server, and
full software or hardware RAID functionality.

The present invention also provides a 
standardized interface to all of the network cards 
that can be loaded. This interface is SQL-based to 
enable full control over access to the network 
functions. It is also a function of the invention to 
provide ActiveX modules for each network function that 
is being added. The power of this feature is that, 
for example, the ActiveX module can be input to a 
spreadsheet. As the network is operating, the 
spreadsheet is displaying all of the statistics of 
that network function in realtime. The ActiveX 
modules are displayed as icons that can be dragged and 
dropped in COREVISTA WEB(TM).

One of the advantages of the present invention
that may not yet be apparent is that it includes a
central point of configuration control. Each network
card has an associated database and ActiveX component.
Thus, two firewalls can be configured in exactly the
same way. Obviously, each firewall card requires its
own unique driver and instruction set because they are
probably proprietary systems. Surprisingly, both of
the firewall cards can be controlled using the
identical ActiveX component and the same database.
The present invention is able to provide a
centralized, standard interface program that performs
the translation between the database and the firewall
cards themselves.

It was stated previously that the present
invention provides allocation of network resources at
the port, protocol, and IP address level. In other
words, it is possible to control and thus sell IP
services on a port-by-port basis. It is useful to
examine several examples of how this works.

Consider an office building with four tenants, A,
B, C and D. In a packet shaper that comes with the
REACTOR 3000(TM), each of the tenants can be allocated
Internet access by a rule set, trigger point, or
manually. Rule sets are used to allocate resources.
For example, the tenants can share a T1 line equally,
where each tenant is restricted to 300 kb of
bandwidth. A trigger point is used to activate
particular rule sets, depending upon the conditions.
Finally, it is possible to manually override the rule
sets and trigger points.

A first example is when none of the tenants are
restricted in the amount of bandwidth that they can
use. Therefore, tenant A may use 800 kb of bandwidth
without interfering with the other tenants. Then,
tenants B, C, and D all need 200 kb of bandwidth. At
this point, the bandwidth of the T1 is exceeded. A
trigger point can be set so that when bandwidth demand
exceeds the maximum available bandwidth, the tenants
are restricted. The rule set that is activated can
divide all the bandwidth equally, or still favor the
heaviest bandwidth user while reducing the bandwidth
to that user.
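
The tenant scenario above, worked through as an added example (this is not code from the patent or the product). The class and function names are hypothetical, the usable capacity of 1200 kb is an assumption taken from the four equal 300 kb shares mentioned earlier, and the "favor the heaviest user" rule set is realized here as a max-min fair split, which is one possible reading.

```python
# Added illustration: rule sets, a trigger point and a manual override
# for tenants sharing one link. All names and numbers here are constructed.

def unrestricted(demand, capacity_kb):
    """Rule set in force while the trigger has not fired: demand is met as asked."""
    return dict(demand)


def equal_split(demand, capacity_kb):
    """Rule set 'divide all the bandwidth equally': a hard cap of capacity/n each."""
    cap = capacity_kb / len(demand)
    return {tenant: min(want, cap) for tenant, want in demand.items()}


def favor_heaviest(demand, capacity_kb):
    """Max-min fair split: light users are met in full and the leftover goes to
    the heaviest user, who still ends up with less than requested."""
    alloc, remaining = {}, capacity_kb
    pending = sorted(demand.items(), key=lambda item: item[1])  # lightest first
    while pending:
        fair_share = remaining / len(pending)
        tenant, want = pending.pop(0)
        alloc[tenant] = min(want, fair_share)
        remaining -= alloc[tenant]
    return alloc


class PacketShaper:
    def __init__(self, capacity_kb, congested_rule_set):
        self.capacity_kb = capacity_kb
        self.congested_rule_set = congested_rule_set
        self.manual_override = None  # administrator-supplied allocation, if any

    def allocate(self, demand):
        """Return (name of the rule set applied, allocation per tenant in kb)."""
        if self.manual_override is not None:
            return "manual", dict(self.manual_override)
        # Trigger point: total demand exceeds what the link can carry.
        if sum(demand.values()) > self.capacity_kb:
            rule = self.congested_rule_set
            return rule.__name__, rule(demand, self.capacity_kb)
        return "unrestricted", unrestricted(demand, self.capacity_kb)


def demo():
    # Assumption: 1200 kb usable, i.e. four equal shares of 300 kb.
    busy = {"A": 800, "B": 200, "C": 200, "D": 200}
    shaper = PacketShaper(1200, favor_heaviest)
    results = [shaper.allocate({"A": 800, "B": 0, "C": 0, "D": 0})]
    results.append(shaper.allocate(busy))      # trigger fires: 1400 > 1200
    shaper.congested_rule_set = equal_split
    results.append(shaper.allocate(busy))      # same demand, other rule set
    shaper.capacity_kb = 56                    # constructed: capacity collapses
    results.append(shaper.allocate(busy))
    shaper.manual_override = {"A": 56, "B": 0, "C": 0, "D": 0}
    results.append(shaper.allocate(busy))      # override beats rules and trigger
    return results


if __name__ == "__main__":
    for rule, alloc in demo():
        print(f"{rule:15s} {alloc}")
```
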

Bandwidth can also be allocated according to the
type of activity that is being performed. Thus,
activity can be restricted based on protocol, or the
type of activity that is occurring. Thus, all tenants
can be given unrestricted flow control on e-mail, but
restricted flow on web browsing or FTP.
It was mentioned that flow control can be managed
down to a single port. For example, there can be
three ports, each port having a unique firewall and
flow control configuration. This configuration is
created using COREVISTA WEB(TM).

Another case in which rules and trigger points
are useful is when access is suddenly restricted to
the Open IP Services Platform 30 itself. For example,
a network cable in the ground is cut by some
construction activity. The Open IP Services Platform
30 can reconfigure itself based on the total available
bandwidth that it sees. Thus, when a T1 line is cut,
and the dial-up access becomes the only way to get out
on the Internet, an Intranet, or other network, all
users may be severely restricted, while vital services
such as email continue to operate, albeit slowly.
However, access to web servers behind the Open IP
Services Platform 30 from the outside may have to be
eliminated to ensure email access.

Not only can access to outside networks be
dynamically allocated through COREVISTA WEB(TM), but
it is also possible to perform access metering. Thus,
if a tenant desires to be charged only for actual use
of access to an outside network, this can be done.

It is important to realize that the scenarios
described above are available only because all of the
network functions are disposed within a single box
that can reconfigure itself on the fly after being
configured through COREVISTA WEB(TM).

COREVISTA WEB(TM) requires a common SQL database
structure be provided that enables each network
function to be controlled thereby within the Open IP
Services Platform. Regarding the configuration
software, it is only necessary that each network
function be controlled by an ActiveX module that is
linked to an SQL database. Thus, a consistent
interface to the actual network cards is provided.
Furthermore, third parties can develop and deliver
their own ActiveX module for their network component.

By assigning each ActiveX module to its own SQL
database, each network component is able to have its
own password to its functionality. Therefore, an
administrator can have a unique password for each
network component, thereby enabling access to specific
modules without compromising the entire network
configuration.

The other advantage of SQL databases is that each
module can be controlled by a set of rules defined in
COREVISTA WEB(TM). These rules can be manually
triggered, or automatically triggered by an event.
The events can be time-based or triggered by network
conditions. Likewise, bandwidth usage can be
restricted when the demands outstrip the available
supply. These events can even trigger a call for help
to a system administrator or to another designated
party.

This flexibility in control of the aspects of the
Open IP Services Platform enables unprecedented
opportunities. For example, a business can provide
Internet access to any other business in a building,
thus operating as a mini-Internet Service Provider
(ISP). Bandwidth can be doled out in any desired
increments to users. The bandwidth can even be
controlled down to the port on a switch.

The advantages of the management tool are made
more apparent by a closer examination of its
functions. But it is also important to make a
distinction between two versions of the management
tool. The two versions are COREVISTA WEB(TM) and
COREVISTA(TM). COREVISTA WEB(TM) is the management
tool that is accessed either by a direct connection,
or over a network connection. Thus, a network
administrator can modify the settings of an Open IP
Services Platform from a remote location. In
contrast, COREVISTA(TM) is the version of the
management tool that can only be accessed locally or
directly.

The difference in access to COREVISTA WEB(TM) and
COREVISTA(TM) is related to the functions that can be
performed. While both versions are capable of
managing an Open IP Services Platform, COREVISTA
WEB(TM) is the only version capable of remote access,
and COREVISTA(TM) is the only version that is
currently capable of drag-and-drop configuration.
COREVISTA(TM) is a WINDOWS(TM) application, and
COREVISTA WEB(TM) is a browser-based application.

This document first describes the functionality
and use of COREVISTA WEB(TM), and then describes the
drag-and-drop interface of COREVISTA(TM). The first
time that a network administrator uses COREVISTA
WEB(TM) is when an Open IP Services Platform is being
set up before connecting it to a network. In this
case, the network administrator utilizes the default
IP address for the URL in the browser's URL window.
Subsequent use of COREVISTA WEB(TM) to access the Open
IP Services Platform allows access via the IP address
that the network administrator provides the Open IP
Services Platform during setup. Note that COREVISTA
WEB(TM) is configured to run on port 8000 for http,
and on port 8001 for https. An example of the URL to
put in the URL window of a browser is
https://<EC_Reactor_IP_Address>:8001 for an SSL
connection, or http://<EC_Reactor_IP_Address>:8000 for
a regular http connection.

The network administrator must enter a network
password to gain access. The default username is
root, and the default password is EmergeSQL. For a
first time user, the network administrator is directed
to a Quick Configuration page to teach how to
configure basic network settings.

If this is not the first time starting COREVISTA
WEB(TM), then the COREVISTA WEB(TM) main page is
opened as shown in figure 5. The user is logged in
with Administrator rights, enabling the user to add
and modify other users and their rights, as well as
manage all configurations and available databases.

COREVISTA WEB(TM) is a management tool that
includes an interface with familiar components and
windows. Figure 5 is a view of a browser page 200,
having a tool pane 202 that enables the user to select
which module to configure and manage, a content pane
204 that enables the user to view or modify a module's
entries, and a status bar 206 that provides basic
status information for the Open IP Services Platform.

The tool pane 202 is located along the left side
of the browser page 200, and shows two groups of
menus. The first group corresponds to global
configuration and administration tasks, such as Quick
Configuration, Ports Configuration, and Administration
of Modules, Configurations, and Users. The second
group is a set of menus dynamically comprised of
application modules that are available for the
specific Open IP Services Platform that is being
configured. These dynamic menus appear in accordance
with the installed functions in the Open IP Services
Platform. The bottom of the tool pane 202 has a
drop-down window 208 that displays the pre-canned
configurations that are available on the Open IP
Services Platform. The window 208 also designates the
currently active configuration. The configuration
that is selected determines the modules that are
listed in the expandable module menu group (second
group). The active configuration is displayed at
startup by default. Changing the configuration only
requires selecting it from the drop down menu window
208 once the configurations are installed.

The content pane 204 is located in the main
window of the browser page 200. It displays content
based on the selection made in the tool pane 202. It
provides the name of the configuration that is
currently active. It also contains module sub-menu
buttons across the top of the content pane 204 for
module management.

The status bar 206 is located along the bottom
edge of the browser page 200. It contains the name of
the Open IP Services Platform, status, uptime, and
load information.

A first time user of COREVISTA WEB(TM) is
required to set up the Open IP Services Platform
through Quick Configuration. Quick Configuration
enables network and Internet connectivity quickly and
easily. The administrator must 1) specify basic
network configuration settings for the network, 2)
configure basic DNS settings for the network, 3)
configure basic DHCP configuration settings for the
network, 4) configure basic Network Address
Translation (NAT) settings for the network, and 5)
specify a domain from which mail will be received.
After the Open IP Services Platform is configured, any
of these settings can be changed by accessing the
corresponding application module.

After setup, COREVISTA WEB(TM) enables the
administrator to easily configure each of the Open IP
Services Platform's hardware ports. The interface is
graphical as shown in figure 6. The administrator
selects the ports to configure by clicking on the
appropriate port boxes on the port display 210, and
clicking on Select 212.

Figure 7 shows an example of the selected ports
configuration page. Note that each of the settings is
changed using a drop-down box. The administrator can
set speed, duplex, flow control, broadcast/multicast,
back pressure, and enable/disable.

As an administrator, it is possible to manage
users, and determine and specify the modules and
configurations that users have access to. Adding a
user is performed through the Administration
application as shown in figure 8. Figure 8 shows an
example of users and the application module which each
user can access. The Administration application
enables the administrator to add users, modify users,
add or remove module access for each user, and add or
remove services for each user.

Figure 9 is an example of the configuration
management page. This page enables the administrator
to manage pre-configured configurations. This
includes the functions of viewing, creating, editing,
copying, adding or removing modules or services,
making a specific pre-canned configuration the active
configuration, loading a pre-canned configuration from
a PC card, and saving a pre-canned configuration to a
PC card.

COREVISTA WEB(TM) also enables the administrator
to manage application modules, including creating,
editing, adding a service, editing a service, and
enabling or disabling a specific application module in
a configuration.

Another advantage of the present invention is the
statistical information that can be generated in a
graphical form. Statistics are available for flow and
for ports. Figure 10 is an example of a port-based
statistics page. Figure 11 is an example of a
port-based statistics graph.

Figure 12 is an example of a protocol statistics
page. The administrator can choose to view statistics
in real time, over the last 24 hours, the last week,
the last month, and the last year. Figure 13 is an
example of a protocol statistics graph.

Application modules for a selected configuration
are displayed in the COREVISTA WEB(TM) tool pane 202,
and are grouped by module type. Figure 14 is an
example of an APACHE(TM) management page. Figure 15
is an example of a Virtual Hosts Page.

The present invention also enables configuration
of bandwidth settings. Bandwidth management enables
the administrator to specify the amount of IP traffic
down to a port-by-port level. Bandwidth management
operates by dividing packets into flows according to a
specified mask on IP header fields. Packets belonging
to a specific flow are then passed to either a pipe,
which emulates a link with specific transmission
parameters, or to a queue, which associates a weight
and a reference pipe to a flow, which is then
scheduled at the rate fixed by the pipe. Figure 16 is
an example of a Bandwidth Management page.
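
The mask, pipe and queue mechanism described above, modeled as an added example (not code from the patent or the product). All class and function names are hypothetical, the addresses, ports, rate and weights are constructed, and the model assumes that a pipe's rate is divided among its active flows in proportion to their queue weights, which the text does not spell out.

```python
# Added illustration of mask-based flow classification feeding pipes and queues.
# Addresses, ports, rates and weights are constructed sample values.
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field

FIELDS = ("src_ip", "dst_ip", "proto", "src_port", "dst_port")


def ip(text):
    return int(ipaddress.IPv4Address(text))


def flow_id(packet, mask):
    """AND every header field with its mask; unmasked fields collapse to 0,
    so packets that differ only in those fields land in the same flow."""
    return tuple(packet[name] & mask.get(name, 0) for name in FIELDS)


@dataclass(eq=False)          # eq=False keeps identity hashing, so usable as dict keys
class Pipe:
    """Emulates a link with a fixed rate in kbit/s."""
    name: str
    kbps: float


@dataclass(eq=False)
class Queue:
    """Gives each flow produced by its mask a weight on a reference pipe."""
    name: str
    pipe: Pipe
    weight: int
    mask: dict = field(default_factory=dict)


def flow_rates(packets, classify):
    """Return {(queue name, flow id): kbit/s}.
    Assumption: the pipe's rate is divided among the flows currently active
    on it in proportion to their queue weights."""
    active = defaultdict(set)                      # pipe -> {(queue, flow id)}
    for packet in packets:
        queue = classify(packet)
        if queue is not None:
            active[queue.pipe].add((queue, flow_id(packet, queue.mask)))
    rates = {}
    for pipe, flows in active.items():
        total_weight = sum(queue.weight for queue, _ in flows)
        for queue, fid in flows:
            rates[(queue.name, fid)] = pipe.kbps * queue.weight / total_weight
    return rates


UPLINK = Pipe("uplink", 1400)
MAIL = Queue("mail", UPLINK, weight=3, mask={"src_ip": 0xFFFFFFFF})  # flow per host
WEB = Queue("web", UPLINK, weight=1, mask={"src_ip": 0xFFFFFF00})    # flow per /24


def classify(packet):
    if packet["proto"] == 6 and packet["dst_port"] == 25:
        return MAIL
    if packet["proto"] == 6 and packet["dst_port"] in (80, 443):
        return WEB
    return None                                    # not shaped in this example


def pkt(src, dst_port, src_port=40000):
    return {"src_ip": ip(src), "dst_ip": ip("198.51.100.9"), "proto": 6,
            "src_port": src_port, "dst_port": dst_port}


# Constructed traffic: two mail hosts (one with two connections) and two
# web clients that share a /24 and therefore share one flow.
SAMPLE = [pkt("10.0.0.5", 25), pkt("10.0.0.6", 25), pkt("10.0.0.5", 25, 40001),
          pkt("10.0.1.7", 80), pkt("10.0.1.8", 443)]


def demo():
    return flow_rates(SAMPLE, classify)


if __name__ == "__main__":
    for (queue_name, fid), kbps in sorted(demo().items()):
        print(queue_name, ipaddress.IPv4Address(fid[0]), f"{kbps:.0f} kbit/s")
```

Widening or narrowing the mask changes how many flows exist, and therefore how the same pipe is divided, without touching the pipe's rate.
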

The present invention also enables the
administrator to configure DHCP settings. Under DHCP,
a computer is designated as the DHCP server. All of
the other computers you specify on the network are
DHCP clients. Figure 17 is an example of a DHCP
network parameters page.

The present invention also enables the
administrator to configure DNS settings. DNS is a
distributed database that keeps track of the different
host names, network names, and IP addresses used on
the Internet. DNS is responsible for translating
alphanumeric domain names into actual IP addresses.
It provides the mapping between IP addresses and
hostnames. DNS configuration takes place in four
areas: resolv.conf entries, DNS forwarders, zone
information, and zones. Figure 18 is an example of a
DNS management page.

Whereas routing enables the administrator to
specify how to route packets, a firewall enables the
administrator to decide, with specific detail, whether
to route packets. COREVISTA WEB(TM) enables the
administrator to easily create, view, modify or update
the firewall rules in the Firewall module. The Open
IP Services Platform is preconfigured with a default
firewall rule that allows all network traffic from the
outside to enter the LAN, and vice versa. It also
comes with another firewall rule that denies all
network traffic from the outside to the LAN, and vice
versa. Figure 19 is an example of a Firewall
Management page.

Figure 20 is an example of a Network Address
Translation (NAT) Interface page. Before creating or
modifying NAT rules, the administrator must determine
if the Open IP Services Platform will implement
dynamic NAT or static NAT. Static NAT is a lot like
port forwarding, described below, except that Static
NAT is implemented on a per-IP-address basis, rather
than on a per-port basis. A static NAT rule would in
effect say: "All traffic to public IP Address X will
be forwarded to private IP address Y." Under static
NAT, the administrator assigns private IP addresses;
under dynamic NAT, they are assigned on a first-come,
first-served basis. In order to use the Open IP
Services Platform NAT module, the administrator must
have at least one rule specified in the Firewall
module that specifies some type of "allow" action.
Otherwise, no traffic will ever reach the NAT module.

Figure 21 is an example of the Network Management
Page. The Network Management module enables the
administrator to configure network settings including
global network settings, interface settings, network
date and time settings, and halting or rebooting of
the Open IP Services Platform. Figure 22 is an
example of the Interface Management page.

Figure 23 is an example of the Port Forwarding
page. Port forwarding enables the administrator to
forward packets from the Internet to a computer on a
private network. The advantage to this is similar to
the advantage to using NAT: the computer on the
private network to which the packets are forwarded
does not need a valid public IP address. COREVISTA
WEB(TM) enables the administrator to specify port
forwarding rule chains that govern how ports are
forwarded, depending on who or where the network
traffic is being sent from.
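
The relationship between the Firewall module, static NAT, dynamic NAT and port forwarding described in the preceding paragraphs, modeled as an added example (not code from the patent or the product). The rule format, the first-match evaluation order and every address are assumptions made for illustration; the function and class names are hypothetical.

```python
# Added illustration: firewall decision first, then port forwarding / NAT.
# Rule format, first-match semantics and all addresses are assumptions.
import ipaddress


def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def matches(rule, packet):
    return (in_net(packet["src"], rule["src"])
            and in_net(packet["dst"], rule["dst"])
            and rule.get("dport") in (None, packet["dport"]))


def firewall(rules, packet):
    """First matching rule decides; with no rules, or no match, nothing passes."""
    for rule in rules:
        if matches(rule, packet):
            return rule["action"]
    return "deny"


def inbound(packet, rules, port_forwards, static_nat):
    """Return the packet as delivered on the private side, or None if dropped."""
    if firewall(rules, packet) != "allow":
        return None                      # the NAT stage is never reached
    out = dict(packet)
    key = (packet["dst"], packet["dport"])
    if key in port_forwards:             # per-port mapping
        out["dst"], out["dport"] = port_forwards[key]
    elif packet["dst"] in static_nat:    # per-address mapping, every port
        out["dst"] = static_nat[packet["dst"]]
    return out


class DynamicNat:
    """Public addresses handed to private hosts first come, first served."""
    def __init__(self, pool):
        self.free = list(pool)
        self.leases = {}

    def outbound(self, private_ip):
        if private_ip not in self.leases:
            if not self.free:
                return None              # pool exhausted
            self.leases[private_ip] = self.free.pop(0)
        return self.leases[private_ip]


ANY = "0.0.0.0/0"
ALLOW_ALL = {"action": "allow", "src": ANY, "dst": ANY}
DENY_ALL = {"action": "deny", "src": ANY, "dst": ANY}
MAIL_ONLY = {"action": "allow", "src": ANY, "dst": "203.0.113.10/32", "dport": 25}
WEB_FWD = {"action": "allow", "src": ANY, "dst": "203.0.113.20/32", "dport": 8080}

STATIC_NAT = {"203.0.113.10": "192.168.1.10"}                     # X -> Y
PORT_FORWARDS = {("203.0.113.20", 8080): ("192.168.1.20", 80)}


def pkt(dst, dport, src="198.51.100.7"):
    return {"src": src, "dst": dst, "dport": dport}


def deliver(rules, dst, dport):
    """Where a constructed outside packet ends up: (private ip, port) or None."""
    out = inbound(pkt(dst, dport), rules, PORT_FORWARDS, STATIC_NAT)
    return None if out is None else (out["dst"], out["dport"])


if __name__ == "__main__":
    tight = [MAIL_ONLY, WEB_FWD, DENY_ALL]
    for rules, label in (([DENY_ALL], "deny-all"), (tight, "tight"),
                         ([ALLOW_ALL, DENY_ALL], "allow-all first")):
        print(label, deliver(rules, "203.0.113.10", 25),
              deliver(rules, "203.0.113.10", 22),
              deliver(rules, "203.0.113.20", 8080))
```

With an allow-all rule in front, the static NAT entry carries every port of the public address through to the private host; with the narrower allow rules, only the intended service reaches it.
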

Figure 24 is an example of the qmail Management
Page which enables the administrator to easily add
domains for qmail, which is the Open IP Services
Platform mail server.

Figure 25 is an example of the Routing
Configuration page. IP is the session-layer protocol
that provides secure communication for TCP/IP networks
and the Internet. The routing module can be
configured to regulate packet forwarding by tracking
addresses, routing outgoing messages, and recognizing
incoming messages.

Figure 26 is an example of the SANGOMA(TM)
Interface page. This page enables the administrator
to set the data rate, protocol, clocking, etc.

Figure 27 is an example of the VLAN Management
page. The Open IP Services Platform enables the
creation of up to 26 different port-based VLANs. With
COREVISTA WEB(TM), it is possible to establish and
manage VLANs.

Figure 28 is an example of the VPN Client
Configuration page. A VPN is a private connection
between two machines or networks over a shared or
public network. Virtual private networks operate by
encapsulating regular IP traffic inside an encrypted
IP channel. Because the Internet has emerged as both
the largest and the least expensive WAN in the world,
many companies are forming VPNs as private WANs.
COREVISTA WEB(TM) can configure VPN client and VPN
server services, as well as specify the VPN user name
and password.

Figure 29 is an example of the FTP page. Figure
30 is an example of the SSH page. Figure 31 is an
example of the SWAT page, which provides access to
SAMBA(TM)'s SWAT configuration tool without opening a
second browser window. Figure 32 is an example of the
WEBMIN(TM) page.

Having shown the various features of COREVISTA
WEB(TM), it is now easy to show the additional
services offered by COREVISTA(TM). COREVISTA(TM)
enables the administrator to perform all of the
functions of COREVISTA WEB(TM), and also provides the
further advantageous feature of drag-and-drop
configuration of a network.

Figure 33 is an example of a COREVISTA(TM)
configuration page. In this page, the left hand side
contains an objects pane 220. The objects pane
includes icons that represent network functions that
are offered by the particular Open IP Services
Platform being configured. These icons are ActiveX
objects that represent the network functions. The
right hand side is the configuration pane 222.
Configuring a network is as simple as selecting an
object from the objects pane 220 and dragging it to
the configuration pane 222. As network functions are
dragged and dropped into the configuration pane 222,
the interconnections between these functions are also
made. For example, a line is drawn between a FireWall
icon 224 and a PacketShaper 226. Thus, the
administrator creates the structure of the network in
the graphical interface. Advantageously, the
administrator is also able to specify specific ports
if desired, or allow COREVISTA(TM) to make the desired
connections as it sees fit. It should be remembered
that only those network functions within the Open IP
Services Platform are those portions of the network
that are being created. Network functions and devices
outside the Open IP Services Platform are not shown.
COREVISTA(TM) makes the appropriate interconnections
within the hardware of the Open IP Services Platform.
Thus, the present invention takes advantage of the
versatility of the Open IP Services Platform by making
the ability of the platform to

It is to be understood that the above-described
arrangements are only illustrative of the application
of the principles of the present invention. Numerous
modifications and alternative arrangements may be
devised by those skilled in the art without departing
from the spirit and scope of the present invention.
The appended claims are intended to cover such
modifications and arrangements.

Claims

What is claimed is:

1. A method for configuring the functions of an Open
IP Services Platform, said method comprising the steps
of:

1) providing an Open IP Services Platform which
integrates the functions of at least two network
devices in a single unit;

2) providing configuration and management
software in the Open IP Services Platform that enables
the functions of the at least two network devices to
be configured and managed; and

3) configuring interconnections between the at
least two network devices in accordance with settings
programmed using the configuration and management
software.

2. A system including configuration and management
software for controlling an Open Internet Protocol
(IP) services platform that integrates the functions of
at least two network services in a single unit that does
not require external wires to couple the at least two
network services together, said system comprising:

a single board computer (SBC) including memory;

an open architecture Operating System (OS) stored
in the memory;

at least two bus connectors for receiving cards
that perform network functions, wherein the at least
two bus connectors are coupled to the SBC;

a switch/router board coupled to the single board
computer;

a plurality of network ports, wherein the
plurality of network ports are coupled on a first side
to the switch/router board, and provide a connection
to a network on a second side thereof; and

configuration and management software for
controlling interconnections between the at least two
bus connectors, the switch/router board, and the SBC.



3. The system as defined in claim 2 wherein the open
architecture Operating System is selected from the
group of Operating Systems comprised of FreeBSD and
Linux.



4. The system as defined in claim 3 wherein the at
least two bus connectors further comprise peripheral
component interconnect (PCI) bus connectors.



5. The system as defined in claim 4 wherein the
switch/router board is further comprised of:
a PCI to PCI bus bridge;
a PCI to PCMCIA bus bridge;
at least one random access memory module; and
a media switch for performing switch and router
function.



6. The system as defined in claim 5 wherein the
plurality of network ports further comprises:
at least two gigabit ethernet ports;
at least twelve 10/100 ethernet ports; and
at least two PCMCIA type 2 expansion ports.

7. The system as defined in claim 6 wherein the
plurality of network ports further comprises at least
one universal serial bus (USB) port.

8. The system as defined in claim 7 wherein the at
least two PCI bus connectors are coupled to network
card performing network functions, wherein the network
functions are selected from the group of network
functions comprising routers, switches, load
balancers, bridges, firewalls, packet shapers, and
servers.



9. The system as defined in claim 8 wherein the SBC
further comprises a microprocessor that is selected
from the group of microprocessors comprised of general
purpose microprocessors and special purpose
microprocessors.

10. The system as defined in claim 9 wherein the
configuration software further comprises a software
utility that enables drag-and-drop configuration of
network components, to thereby simplify configuration
of network components within the Open IP Services
Platform.



11. The system as defined in claim 10 wherein the
configuration software utilizes icons that are
representative of the network components, wherein the
icons are ActiveX modules that define the functions
that are performed by the network components.

12. The system as defined in claim 11 wherein the
switch/router board is a level 4 network device that
is capable of communicating with other Open IP
Services Platforms at wire speed.

13. The system as defined in claim 12 wherein the
system further comprises a solid state refrigeration
unit, where the refrigeration unit is disposed
directly on a case of a hard drive, thereby directing
cooling efforts directly on the most temperature
sensitive device within the Open IP Services Platform.